| From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | Jim Mercer <jim(at)reptiles(dot)org> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Encrypting pg_shadow passwords |
| Date: | 2001-06-26 04:56:04 |
| Message-ID: | 200106260456.f5Q4u4Y00723@candle.pha.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> On Tue, Jun 26, 2001 at 12:20:40AM -0400, Bruce Momjian wrote:
> > We will do double-crypt and everyone will be happy, right?
> >
> > > if the API as above existed, then i would be happy to see "password" go away
> > > (although it should be depreciated to a --enable option, otherwise you are
> > > going to ruin a bunch of existing code).
> >
> > Who is using it? We can continue to allow it but at some point there is
> > no purpose to it unless you have clients that are pre-7.2. Double-crypt
> > removes the use for it, no?
>
> if the API allows a plain text password, and compares agains a cyrtpo-pg_shadow
> i would imagine that would be fine.
>
> at this point i should apologize for possibly arguing out of turn.
>
> if 7.2 has the above, that is cool.
>
> i'm sorta hoping my mods can make it into 7.1.3, if there is one.
Not a chance. Only major bug fixes in 7.1.X.
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tatsuo Ishii | 2001-06-26 08:53:04 | Re: stuck spin lock with many concurrent users |
| Previous Message | Jim Mercer | 2001-06-26 04:51:21 | Re: Encrypting pg_shadow passwords |